# Filters added to this controller apply to all controllers in the application.
# Likewise, all the methods added will be available for all controllers.

class ApplicationController < ActionController::Base
  include AuthenticatedSystem
  before_filter :user_control

  private
  def user_control
    if request.request_uri.index('/users/')
      if request.remote_ip != '127.0.0.1'
        render :text => INVALID_CLIENT_HTML, :status => 403
      end
    end
  end

  helper :all # include all helpers, all the time

  # See ActionController::RequestForgeryProtection for details
  # Uncomment the :secret if you're not using the cookie session store
  protect_from_forgery # :secret => '4bafbaa3578534faa879dd4b4f64bb3a'
  
  # See ActionController::Base for details 
  # Uncomment this to filter the contents of submitted sensitive data parameters
  # from your application log (in this case, all fields with names like "password"). 
  # filter_parameter_logging :password

  INVALID_CLIENT_HTML =<<-EOD
  <html>
    <head>
      <title>Forbidden</title>
   </head>
   <body>
   <h1>403 Forbidden</h1>
   </html>
  EOD

  session :session_key => '_album_session_id'

end
